ILOVEBYOD - the potential pitfalls of staff 'bring-your-own device' by Adam Jarvis, CEO of Intrinsic Technology on 08-Jun-2012

Twelve years ago this month, millions of computers were emailed a love letter. But far from a real love letter, the ILOVEYOU email message was actually a computer worm.

Upon opening the message, the email would automatically resend itself to the first 50 contacts in the computer’s address book. If the user then opened the attachment named LOVE-LETTER-FOR-YOU.txt, the worm would proceed to overwrite files on the machine.

The estimated damage of this cupid-like malware was a staggering $8.7 billion. And the main reason it was such a successful virus was that it played on a weakness that all security systems must deal with: people.

Human error is arguably the main cause of corporate security breaches. It’s a common misconception that dangers such as viruses, malware and data theft are the biggest threats to companies. In reality, it’s very often humans that inadvertently put information at risk; whether through simple curiosity, carelessness or ignorance.

One of the latest security issues for businesses concerns the introduction of bring-your-own-device (BYOD) policies. BYOD involves employees using their own devices (be it smartphones, laptops or tablets) at work to access the corporate network. As a concept, it’s very end-user focused - the whole model is based on making activities as easy as possible for staff. It enables mobility and gives employees greater flexibility, helping them to work more dynamically. It’s all about promoting user choice, putting employees in charge of how they work.

But these policies must take into account the curiosity and carelessness of users. Mixing personal and corporate information has its risks – so these must be approached head on.

Carelessness could manifest itself in many ways, like accidently leaving a personal device in a public place, along with the sensitive company information on the machine. Curiosity might come into play if staff decide to check personal emails on their devices – leaving the machines open to malware and viruses that could then infect any saved corporate data.

Fortunately, there are effective counter measures that can be taken to minimise the effects that employees have on security systems.

The most secure solution is to use a virtual desktop infrastructure (VDI). A VDI turns devices into simple interfaces on which to work. Nothing is actually stored on the machines - all data is kept on theserver in the data centre. From this VDI, it’s then possible to remotely lock out, or wipe any device that is lost, or appears to be acting suspiciously. This puts the power in the hands of the company.

A more novel approach is to introduce a technology allowance. If businesses provide employees with an allowance that they can spend on devices - rather than providing a standard company laptops or desktops - staff will be more likely to take care of their machines.

BYOD policies are designed to keep users happy and can do much to improve productivity and staff moral. But keep the ILOVEYOU worm in mind and put measures in place that can combat people’s natural curiosity and carelessness.

For more information about Intrinsic Technology, please visit: www.intrinsictechnology.co.uk

Tweets by @biz_works